PREMIUM PESCAN.IO - Analysis Report |
| File Structure |
[Chart: file structure map]
PE chart legend: header (light blue); executable sections (pink); non-executable sections (black); external injected code (red). A file structure shown in red indicates a malformed or corrupted header.
Legend for other files: printable characters (blue); non-printable characters (black).
| Information |
| Field | Value |
|---|---|
| Size | 1,30 MB |
| SHA-256 Hash | DCA60B6BA188E4F8886AFD5002C8A4AB49E27F70E0C81DAFA4CB3BBECFB3B38A |
| SHA-1 Hash | 4ECFEF9DBD4F72E03148CCE41D9DB83AEF10439F |
| MD5 Hash | 82956750AECAF1AF9836E465E4F4E65D |
| Imphash | AFCDF79BE1557326C854B6E20CB900A7 |
| MajorOSVersion | 5 |
| MinorOSVersion | 1 |
| CheckSum | 00155B23 |
| EntryPoint (rva) | 27DCD |
| SizeOfHeaders | 400 |
| SizeOfImage | 154000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ImportTable | BA44C |
| IAT | 8F000 |
| Characteristics | 122 |
| TimeDateStamp | 674E40C3 |
| Date | 02/12/2024 23:20:35 |
| File Type | EXE |
| Number Of Sections | 5 |
| ASLR | Enabled |
| Section Names | .text, .rdata, .data, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 400 | 8DE00 | 1000 | 8DCC4 | | |
| .rdata | 0x40000040 Initialized Data Readable | 8E200 | 2E200 | 8F000 | 2E10E | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | BC400 | 5200 | BE000 | 8F74 | | |
| .rsrc | 0x40000040 Initialized Data Readable | C1600 | 84400 | C7000 | 84294 | | |
| .reloc | 0x42000040 Initialized Data GP-Relative Readable | 145A00 | 7200 | 14C000 | 711C | | |
| Description |
| Language: English (United Kingdom) (ID=0x809) CodePage: Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
The section number (1) - (.text) have the Entry Point Information -> EntryPoint (calculated) - 271CD
Code -> E8B5D00000E97FFEFFFFCCCCCCCCCCCCCCCCCC57568B7424108B4C24148B7C240C8BC18BD103C63BFE76083BF80F82680300
Assembler
CALL 0XE0BA
JMP 0XE89
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
INT3
PUSH EDI
PUSH ESI
MOV ESI, DWORD PTR [ESP + 0X10]
MOV ECX, DWORD PTR [ESP + 0X14]
MOV EDI, DWORD PTR [ESP + 0XC]
MOV EAX, ECX
MOV EDX, ECX
ADD EAX, ESI
CMP EDI, ESI
JBE 0X1033
CMP EDI, EAX
| Signatures |
Rich Signature Analyzer:
Code -> 361CADCF727DC39C727DC39C727DC39C342C229C707DC39CECDD049C737DC39C7F2F1C9C417DC39C7F2F239CC37DC39C7F2F229C477DC39C7B05409C7B7DC39C7B05509C577DC39C727DC29C527FC39C0F04299C227DC39C0F041C9C737DC39C7F2F189C737DC39C727D549C737DC39C0F041D9C737DC39C52696368727DC39C
Footprint md5 Hash -> F8E2C4C9B0283896D8E957FA68E23948
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
| Packer/Compiler |
Compiler: Microsoft Visual C ++
Compiler: Microsoft Visual C ++ 6 DLL
Compiler: Autoit 3 - (You can use a decompiler for this...)
Detect It Easy (die)
• PE: library: AutoIt(3.XX)[-]
• PE: compiler: EP:Microsoft Visual C/C++(2013-2017)[EXE32]
• PE: compiler: Microsoft Visual C/C++(2013)[-]
• PE: linker: Microsoft Linker(12.0*)[-]
• Entropy: 7.3293
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | CopyFileW | Copies an existing file to a new file. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | CreateToolhelp32Snapshot | Creates a snapshot of the specified processes, heaps, threads, and modules. |
| KERNEL32.DLL | WriteProcessMemory | Writes data to an area of memory in a specified process. |
| KERNEL32.DLL | ReadProcessMemory | Reads data from an area of memory in a specified process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| USER32.DLL | GetAsyncKeyState | Retrieves the status of a virtual key asynchronously. |
| SHELL32.DLL | ShellExecuteW | Performs a run operation on a specific file. |
| SHELL32.DLL | ShellExecuteExW | Performs a run operation on a specific file. |
| Windows REG (UNICODE) |
| Software\AutoIt v3\AutoIt SOFTWARE\Classes\ SYSTEM\CurrentControlSet\Control\Nls\Language |
| File Access |
| OLEAUT32.dll ole32.dll SHELL32.dll ADVAPI32.dll COMDLG32.dll GDI32.dll USER32.dll KERNEL32.dll UxTheme.dll USERENV.dll IPHLPAPI.DLL PSAPI.DLL WININET.dll MPR.dll COMCTL32.dll WINMM.dll VERSION.dll WSOCK32.dll @.dat Temp UserProfile |
| File Access (UNICODE) |
| USER32.DLL combase.dll BBbad allocationmscoree.dll Temp ProgramFiles AppData UserProfile |
| Interest's Words |
| PADDINGX exec attrib start shutdown systeminfo ping replace |
| Interest's Words (UNICODE) |
| exec attrib start pause comspec shutdown ping expand replace |
| IP Addresses |
| 255.255.255.255 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | Registry (RegDeleteKeyEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (CopyFile) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (GlobalMemoryStatusEx) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Anti-Analysis VM (CreateToolhelp32Snapshot) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (ExitThread) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (ReadProcessMemory) |
| Text | Ascii | Execution (CreateProcessA) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (CreateEventW) |
| Text | Unicode | Privileges (SeAssignPrimaryTokenPrivilege) |
| Text | Unicode | Privileges (SeBackupPrivilege) |
| Text | Unicode | Privileges (SeDebugPrivilege) |
| Text | Unicode | Privileges (SeIncreaseQuotaPrivilege) |
| Text | Unicode | Privileges (SeRestorePrivilege) |
| Text | Unicode | Privileges (SeShutdownPrivilege) |
| Text | Unicode | Keyboard Key (ALTDOWN) |
| Text | Unicode | Keyboard Key (ALTUP) |
| Text | Unicode | Keyboard Key (SHIFTDOWN) |
| Text | Unicode | Keyboard Key (SHIFTUP) |
| Text | Unicode | Keyboard Key (CTRLDOWN) |
| Text | Unicode | Keyboard Key (CTRLUP) |
| Text | Unicode | Keyboard Key (LWINDOWN) |
| Text | Unicode | Keyboard Key (LWINUP) |
| Text | Unicode | Keyboard Key (RWINDOWN) |
| Text | Unicode | Keyboard Key (RWINUP) |
| Text | Unicode | Keyboard Key (LBUTTON) |
| Text | Unicode | Keyboard Key (MBUTTON) |
| Text | Unicode | Keyboard Key (RBUTTON) |
| Text | Unicode | Keyboard Key (NUMPAD0) |
| Text | Unicode | Keyboard Key (NUMPAD1) |
| Text | Unicode | Keyboard Key (NUMPAD2) |
| Text | Unicode | Keyboard Key (NUMPAD3) |
| Text | Unicode | Keyboard Key (NUMPAD4) |
| Text | Unicode | Keyboard Key (NUMPAD5) |
| Text | Unicode | Keyboard Key (NUMPAD6) |
| Text | Unicode | Keyboard Key (NUMPAD7) |
| Text | Unicode | Keyboard Key (NUMPAD8) |
| Text | Unicode | Keyboard Key (NUMPAD9) |
| Text | Unicode | Keyboard Key (CapsLock) |
| Text | Ascii | Malware that monitors and collects user data (Spy) |
| Text | Ascii | Malicious rerouting of traffic to an attacker-controlled site (Redirect) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | VC8 - Microsoft Corporation |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \ICON\1\2057 | C75A8 | 128 | C1BA8 | 2800000010000000200000000100040000000000C000000000000000000000000000000000000000000000007A60EB00795F | (....... ...................................z..y_ |
| \ICON\2\2057 | C76D0 | 128 | C1CD0 | 28000000100000002000000001000400000000008000000000000000000000001000000010000000000000007A60EB00795F | (....... ...................................z..y_ |
| \ICON\3\2057 | C77F8 | 128 | C1DF8 | 2800000010000000200000000100040000000000C000000000000000000000000000000000000000000000007A60EB00795F | (....... ...................................z..y_ |
| \ICON\4\2057 | C7920 | 2E8 | C1F20 | 2800000020000000400000000100040000000000000000000000000000000000000000000000000000000000000000000080 | (... ...@......................................... |
| \ICON\5\2057 | C7C08 | 128 | C2208 | 2800000010000000200000000100040000000000000000000000000000000000000000000000000000000000000000000080 | (....... ......................................... |
| \ICON\6\2057 | C7D30 | EA8 | C2330 | 28000000300000006000000001000800000000000000000000000000000000000000000000000000000000009F7747000000 | (...0.......................................wG... |
| \ICON\7\2057 | C8BD8 | 8A8 | C31D8 | 2800000020000000400000000100080000000000000000000000000000000000000000000000000000000000A06A3C00AB7E | (... ...@....................................j<..~ |
| \ICON\8\2057 | C9480 | 568 | C3A80 | 28000000100000002000000001000800000000000000000000000000000000000000000000000000000000009E6F3E009D72 | (....... ....................................o>..r |
| \ICON\9\2057 | C99E8 | 25A8 | C3FE8 | 2800000030000000600000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (...0........ ................................... |
| \ICON\10\2057 | CBF90 | 10A8 | C6590 | 2800000020000000400000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\11\2057 | CD038 | 468 | C7638 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \MENU\166\2057 | CD4A0 | 50 | C7AA0 | 00000000900043006F006E007400650078007400310000000000A7005300630072006900700074002000260050006100750073006500640000000000000000008000A800450026007800690074000000 | ......C.o.n.t.e.x.t.1.......S.c.r.i.p.t. .&.P.a.u.s.e.d.............E.&.x.i.t... |
| \STRING\7\2057 | CD4F0 | 594 | C7AF0 | 0000000000000000000009002800500061007500730065006400290020000C004100750074006F0049007400200045007200 | ............(.P.a.u.s.e.d.). ...A.u.t.o.I.t. .E.r. |
| \STRING\8\2057 | CDA84 | 68A | C8084 | 300049006E0063006F007200720065006300740020006E0075006D0062006500720020006F00660020007000610072006100 | 0.I.n.c.o.r.r.e.c.t. .n.u.m.b.e.r. .o.f. .p.a.r.a. |
| \STRING\9\2057 | CE110 | 490 | C8710 | 30004500780070006500630074006500640020006100200022003D00220020006F00700065007200610074006F0072002000 | 0.E.x.p.e.c.t.e.d. .a. .".=.". .o.p.e.r.a.t.o.r. . |
| \STRING\10\2057 | CE5A0 | 5FC | C8BA0 | 1A0049006E00760061006C00690064002000660069006C0065002000660069006C0074006500720020006700690076006500 | ..I.n.v.a.l.i.d. .f.i.l.e. .f.i.l.t.e.r. .g.i.v.e. |
| \STRING\11\2057 | CEB9C | 65C | C919C | 3E002200530065006C0065006300740022002000730074006100740065006D0065006E00740020006900730020006D006900 | >.".S.e.l.e.c.t.". .s.t.a.t.e.m.e.n.t. .i.s. .m.i. |
| \STRING\12\2057 | CF1F8 | 466 | C97F8 | 4800430061006E0020007000610073007300200063006F006E007300740061006E0074007300200062007900200072006500 | H.C.a.n. .p.a.s.s. .c.o.n.s.t.a.n.t.s. .b.y. .r.e. |
| \STRING\313\2057 | CF660 | 158 | C9C60 | 00000000000000000000000000000000150055006E00610062006C006500200074006F002000700061007200730065002000 | ..................U.n.a.b.l.e. .t.o. .p.a.r.s.e. . |
| \RCDATA\SCRIPT\0 | CF7B8 | 7B55B | C9DB8 | A3484BBE986C4AA9994C530A86D6487D41553321454130364DA8FF7324A73CF67A12F167ACC193E76B43CA52A6AD0000E1BB | .HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R...... |
| \GROUP_ICON\99\2057 | 14AD14 | 76 | 145314 | 0000010008002020100001000400E8020000040010101000010004002801000005003030000001000800A80E000006002020 | ...... ....................(.....00............ |
| \GROUP_ICON\162\2057 | 14AD8C | 14 | 14538C | 0000010001001010100001000400280100000200 | ..............(..... |
| \GROUP_ICON\164\2057 | 14ADA0 | 14 | 1453A0 | 0000010001001010100001000400280100000100 | ..............(..... |
| \GROUP_ICON\169\2057 | 14ADB4 | 14 | 1453B4 | 0000010001001010100001000400280100000300 | ..............(..... |
| \VERSION\1\2057 | 14ADC8 | DC | 1453C8 | DC0034000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\2057 | 14AEA4 | 3EF | 1454A4 | 3C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122 | <assembly xmlns="urn:schemas-microsoft-com:asm.v1" |
| Intelligent String |
| • RUNAS • RUNASWAIT • mscoree.dll • combase.dll • !"$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]_abcdefghijklmnopqrstuvwxyz{|}~kernel32.dll • USER32.DLL • COMSPEC • runas • 0.0.0.0 • .lnk • 255.255.255.255 • .icl • .exe • .dll • COMCTL32.dll • KERNEL32.dll • USER32.dll • COMDLG32.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 832888 | 61,1095% |
| Null Byte Code | 159316 | 11,6891% |